Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

andreasc
-
0
Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader
[ad_1]

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB bootloader that allows for local privilege escalation (LPE).

This alarming development has raised significant concerns within the cybersecurity community.

A recent tweet from Dark Web Intelligence shared that the Threat Actor Claimed a 0-day in Linux LPE Via GRUB bootloader.

Scan Your Business Email Inbox to Find Advanced Email Threats - Try AI-Powered Free Threat Scan

The Vulnerability

The zero-day vulnerability reportedly affects the GRUB bootloader, a critical component most Linux systems use to manage the boot process.

The exploit allows attackers to bypass authentication mechanisms, potentially gaining root access to the system.

This type of vulnerability is hazardous as it can be used to install persistent and stealthy malware, making detection and mitigation challenging.

This is not the first time GRUB has been targeted.

In 2015, a similar vulnerability (CVE-2015-8370) was discovered. It allowed attackers to bypass authentication by pressing the backspace key 28 times at the GRUB username prompt.

This flaw affected GRUB versions from 1.98 to 2.02 and was widely exploited before being patched. 

More recently, in 2020, the BootHole vulnerability (CVE-2020-10713) was identified, which could be exploited to install malware during the boot process.

Implications and Response

The implications of this new zero-day are severe.

If exploited, attackers could gain complete control over affected systems, leading to data breaches, system disruptions, and potential espionage.

Major Linux distributions, including Debian, RedHat, and Ubuntu, have quickly released advisories and patches for previous GRUB vulnerabilities, and they are expected to respond similarly to this new threat.

Cybersecurity experts urge users to stay vigilant and apply security updates as soon as they become available.

Additionally, system administrators are advised to implement security hardening measures to mitigate the risk of exploitation during the window of vulnerability.

This new zero-day vulnerability in the Linux GRUB bootloader underscores the ongoing challenges in securing critical system components.

As the cybersecurity community works to address this threat, users must remain proactive in maintaining their systems’ security.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free


[ad_2]
Source link

Google Pixel vulnerability is worrying even the US government

andreasc
-
0
Google Pixel vulnerability is worrying even the US government
[ad_1]

The latest monthly Pixel security update revealed a vulnerability that could be exploited, and that has even worried the US government. Officials were urged to update their phones within a maximum of 10 days or stop using them.

The US government warns federal employees to update their Pixel devices or stop using them

The vulnerability in question is listed as CVE-2024-32896. It could go unnoticed in normal situations, but Google added a note giving it special importance. The note says: “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.” The entry is listed as “High Severity.”

Google has not revealed more specific details about the vulnerability. However, the US government warned all federal employees that “Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.” The term “privilege escalation” refers to the fact that exploiting the vulnerability potentially allows the capture or access of the data of the attacked person.

It’s noteworthy that the vulnerability that is worrying the U.S. government is a “zero-day exploit.” This means that it was already present for a while but had not been detected by the OS developer or phone manufacturer. Therefore, there was no patch available yet to fix it.

Fix available with the QPR3 update

It’s noteworthy that, for Google Pixel devices, the fix is available with the latest Android 14 QPR3 (June) update. So, it is recommended that all Pixel device users update their devices if they have not already done so. That said, the GrapheneOS team says that the vulnerability could also be present in Android devices from other brands. However, the fix for them will be available with Android 15.

It is very unlikely that your device will be the target of an attack using the CVE-2024-32896 vulnerability. After all, Google is using the term “limited, targeted exploitation,” in the listing. However, it never hurts to keep your mobile device up-to-date in terms of security. You can update your Pixel device by going to Settings > System > Software Updates.


[ad_2]
Source link

Apple charged under EU’s DMA rules for App Store violations

andreasc
-
0
Apple charged under EU’s DMA rules for App Store violations
[ad_1]

Apple has become the first company to be charged under the European Union’s Digital Markets Act (DMA). The European lawmakers found the iPhone maker non-compliant with their app store rules. It allegedly doesn’t allow app developers to freely steer users to offers outside its App Store. The European Commission has sent a formal warning to the company over the matter. The EU also launched a fresh investigation into Apple’s support for third-party iOS app marketplaces.

The EU charged Apple with violating DMA rules for app stores

The DMA is the EU’s new law aimed at identifying and regulating digital gatekeepers so the market is fairer and more contestable for all players, big and small. The so-called six gatekeepers—Apple, Amazon, Microsoft, Alphabet (Google), Meta, and ByteDance (TikTok)—were given until March 2024 to comply with the new rules. Among those is a rule that makes third-party developers more independent in choosing payment avenues and installation sources for their apps.

Developers can steer users to other platforms with better offers, and the gatekeepers can’t stop them. They also can’t levy any fee on developers for doing so. However, Apple didn’t fully comply with this rule. While it did open up the App Store to outside stores and payment avenues, the company tried to play smart. First, it froze Fortnite and Epic’s developer accounts for steering users away. And when it lifted the ban, the iPhone maker charged a 27% commission on transactions.

Of course, European lawmakers were watching this and promptly charged Apple under the DMA. “Our preliminary position is that Apple does not fully allow steering,” said Margrethe Vestager, the head of competition policy in Europe. “Steering is key to ensure that app developers are less dependent on gatekeepers’ app stores and for consumers to be aware of better offers.” Apple has until March 2025 to respond to the EU’s allegations, which is a long time to make amendments.

If Apple still doesn’t comply with the EU’s DMA rules, it faces a fine of up to 10% of its annual worldwide revenue. Based on last year’s earnings, the fine would amount to $38 billion. The fine amount increases to 20% of the annual revenue if a company is charged with repeat infringements. Time will tell how Apple will respond. The EU previously fined the company €1.84 billion (approx. $2 billion) for similar anti-steering practices in an antitrust case pre-dating the DMA.

Apple is also facing a fresh investigation from the European watchdog

Apple has another case looming over its head in Europe. The EU is investigating its policies for third-party iOS app stores. The primary focus is on the company’s Core Technology Fee, which requires outside app stores and apps to pay a €0.50 fee per installation. Apple also makes users pass through a laborious multi-step process to install third-party marketplaces and apps from those marketplaces. All the while, it shows various warnings to try and restrict users to its App Store.

Additionally, the EU is looking into Apple’s various eligibility requirements for developers to be able to offer third-party app stores. “The developers’ community and consumers are eager to offer alternatives to the App Store. We will investigate to ensure Apple does not undermine these efforts,” said Vestager. Apple, meanwhile, recently blamed the DMA’s “regulatory uncertainties” for delaying the launch of its AI features in Europe. The firm says the EU’s interoperability requirements are a threat to privacy and security.


[ad_2]
Source link

Blackmagic releases its excellent camera app for Android, but only if you have certain devices

andreasc
-
0
Blackmagic releases its excellent camera app for Android, but only if you have certain devices
[ad_1]

Image credit — Blackmagic

Blackmagic, a name known for high-quality digital film cameras and DaVinci Resolve video editing software, has released a free camera app for Android devices that promises to deliver professional-level video controls to smartphones.

The Blackmagic Camera app, now available on the Google Play Store, is packed with features that will appeal to experienced videographers, including histograms, audio meters, focus assist, frame guides, and a customizable viewfinder. Users can record videos in up to 8K resolution on compatible devices and have full control over shutter speed, ISO, white balance, tint, and 3D LUTs.

The app works with all camera sensors on a phone and supports recording in the H.265 codec with Rec.709 or HLG10 color space. It also integrates with DaVinci Resolve, allowing users to upload footage directly to a specific project.

Blackmagic Camera for Android supports many of the features of its iOS counterpart | Images credit — Blackmagic

While the Blackmagic Camera app unlocks a wide range of professional shooting options, it’s important to remember that the app itself can’t magically enhance the physical camera hardware on your phone. This means that the maximum recording resolution you’ll be able to achieve will ultimately be determined by the capabilities of your phone’s camera sensors. For instance, while the app can take advantage of the high-end hardware in the Samsung Galaxy S23 Ultra to capture stunning 8K footage, it will be limited to 4K resolution on the Google Pixel 8 Pro, which has a less powerful camera system.

It’s true that some advanced controls might already be available in the Pro mode of certain Android phones, particularly those from Samsung and Xiaomi. However, for Pixel users this will be a game-changer, as they will find that the Blackmagic Camera app offers significantly more powerful options than the standard Pixel Camera app. Grant Petty, Blackmagic Design CEO, said of this launch:

The Blackmagic Camera app for iPhone has been incredibly popular since it was launched last year. We are excited to be able to give customers with Samsung Galaxy or Google Pixel phones the same controls for shooting digital film as our professional cameras. Plus, the Blackmagic Cloud workflow lets customers record to Blackmagic Cloud Storage and automatically sync with DaVinci Resolve. It’s really exciting to be able to give even more customers the ability to get their footage to the newsroom or post-production studios in literally seconds.

The Blackmagic Camera app is currently in its early stages, and Blackmagic Design has only confirmed compatibility with a limited selection of recent flagship smartphones. However, the app is expected to receive updates in the future that may broaden its compatibility with additional devices. So far, the app has been successfully installed and confirmed to work on the below devices:

I was disappointed to see that the Google Pixel Fold, Samsung Galaxy Z Fold 5, OnePlus Open, and OnePlus 12 were left out of the list of supported devices. I was very excited to try this out on my Pixel Fold, only to be met with a sad no. Hopefully support for these devices will be added soon as their specs can certainly handle the requirements for this app. 

[ad_2]
Source link

Google Addressed Numerous Security Flaws With Chrome 126

andreasc
-
0
Google Addressed Numerous Security Flaws With Chrome 126
[ad_1]

With the latest Chrome 126 release, Google patched multiple security flaws affecting the browser, including a high-severity vulnerability exploited at a hacking event.

Google Chrome 126 Fix Multiple Security Flaws

This week, Google rolled out the Chrome browser version 126 (stable release) for the users. Like most security updates, this stable release also addressed numerous security flaws in the browser that could have severely impacted users when exploited.

One of these vulnerabilities includes a type confusion vulnerability in Chrome’s V8 component. The vulnerability first caught the attention of security researcher Seunghyun Lee, who demonstrated the flaw at the recent SSD Secure Disclosure’s TyphoonPWN 2024 hacking event. Identified as CVE-2024-6100, this vulnerability received a high severity rating and earned the researchers a $20,000 bounty for the discovery.

Another major security fix addressed CVE-2024-6101, a high-severity vulnerability due to inappropriate implementation in WebAssembly. Google credited the researcher with the alias “ginggilBesel” for reporting the flaw, who also won a $7000 bounty.

Besides, this Chrome release also includes two other security fixes for high-severity vulnerabilities in Dawn. These are CVE-2024-6102, an out-of-bounds memory access, and CVE-2024-6103, a use-after-free flaw. Google acknowledged the researcher with the alias “wgslfuzz” for reporting both vulnerabilities.

As mentioned in Google’s release update, these security fixes have been released with Chrome 126.0.6478.114/115 for Windows and Mac devices and 126.0.6478.114 for Linux systems. Moreover, the tech giant released the same security patches with Chrome for Android version 126.0.6478.110, which users may download from the Google Play Store.

Since Google released these patches with the respective Chrome browsers for different systems, users must keep their devices updated with the latest browser releases to remain safe. Thankfully, none of these vulnerabilities is zero-day, saving users from the worries of active attacks. Still, keeping all devices up-to-date with the latest releases is important for better security.

Let us know your thoughts in the comments.


[ad_2]
Source link

OnePlus Pad Pro live images surface ahead of launch

andreasc
-
0
OnePlus Pad Pro live images surface ahead of launch
[ad_1]

The OnePlus Pad Pro live images have just appeared, ahead of launch, following official renders. As a reminder, this tablet is expected to arrive in a couple of days, on June 27. It will be accompanied by a number of other devices, more on that later on.

The OnePlus Pad Pro live images have just surfaced

Nine OnePlus Pad Pro live images have surfaced, courtesy of Digital Chat Station. This is one of the most prolific tipsters in the industry, so chances are that these images are spot on.

We get to see the tablet from both front and back here. It will have rather thin bezels (for a tablet), but not too thin, so you’ll be able to grip it… easily. Glass will be included on the back, with a centered OnePlus logo.

A single camera will be included inside a circular camera island, while an LED flash will also sit in there. That camera island will be centered up top, looking from a horizontal position, of course. The frame on the sides will be rounded, and both the front and the back side will curve into it.

This tablet will look a lot like the company’s current-gen model

Design-wise, this thing looks very similar to the OnePlus Pad 2. The bezels on it do seem to be a bit thicker, though, but not by much. This tablet is expected to include the Snapdragon 8 Gen 3 SoC, Qualcomm’s most powerful chip.

Now, you’ll also notice that a keyboard accessory is pictured in the provided images. The same goes for a stylus. Well, both of those accessories will likely be announced on June 27 too.

In addition to the OnePlus Pad Pro, OnePlus is aiming to launch the OnePlus Watch 3 on June 27. The OnePlus Ace 3 Pro will also be announced, and the same goes for the OnePlus Buds Pro 3.

OnePlus will have a lot on its plate on June 27. All of these devices are expected to launch globally too, though the OnePlus Ace 3 Pro will likely be called the OnePlus 12T.


[ad_2]
Source link

Transform your home decor with Wallpics wall-pictures-tiles

andreasc
-
0
Transform your home decor with Wallpics wall-pictures-tiles
[ad_1]

In the realm of home decor, finding unique and personalized ways to enhance your living space can be a delightful challenge. Wallpics wall-pictures-tiles offer an innovative and stylish solution to this challenge, allowing you to transform your walls with ease and creativity. These customizable photo tiles provide a fresh, modern take on displaying your cherished memories, blending convenience, aesthetics, and personalization into one seamless package. In this article, we’ll explore the benefits of Wallpics wall-pictures-tiles and how they can revolutionize your home decor.

What Are Wallpics Wall-Pictures-Tiles?

Wallpics wall-pictures-tiles are lightweight, frameless photo tiles that can be easily affixed to your walls without the need for nails or hooks. Made from durable, high-quality materials, these tiles are designed to showcase your favorite photos in a sleek and contemporary format. The tiles stick to the wall using special adhesive strips, making it simple to arrange, rearrange, and remove them without damaging your walls.

Personalization at Its Best

One of the standout features of Wallpics wall-pictures-tiles is the ability to personalize your space with ease. You can select photos that hold special meaning to you, such as family portraits, travel memories, or artistic shots, and transform them into stunning wall art. This level of customization ensures that your decor is a true reflection of your personality and experiences, adding a deeply personal touch to your home.

Easy to Install and Rearrange

Gone are the days of struggling with nails, hammers, and levels to hang pictures on your walls. Wallpics Wall Pictures offer a hassle-free installation process that anyone can manage. The adhesive strips on the back of each tile allow you to simply peel and stick the tiles onto your wall. If you want to change the arrangement or move the tiles to a different room, you can easily remove them without leaving any residue or damage. This flexibility is perfect for those who like to refresh their decor frequently or who live in rental properties where wall damage must be avoided.

Versatile and Stylish

Wallpics wall-pictures-tiles are designed to complement a variety of decor styles, from modern and minimalist to cozy and eclectic. The frameless design gives a clean and sleek look that can blend seamlessly into any room. Whether you’re looking to create a gallery wall in your living room, a personal photo display in your bedroom, or an artistic arrangement in your office, these tiles offer a versatile and stylish solution.

Quality and Durability

When it comes to displaying your cherished photos, quality matters. Wallpics wall-pictures-tiles are made from premium materials that ensure your photos look vibrant and sharp. The printing technology used guarantees high-resolution images with excellent color accuracy, bringing your memories to life on your walls. Additionally, the tiles are durable and designed to last, maintaining their appearance over time without fading or warping.

Perfect for Any Room

Wallpics wall-pictures-tiles are a great addition to any room in your home. In the living room, they can create a focal point or a conversation starter. In the bedroom, they can add a personal touch and make the space feel more intimate. In the hallway, they can brighten up the area and make it more inviting. Even in the kitchen or bathroom, these tiles can add a touch of creativity and style. Their versatility makes them suitable for any space, allowing you to carry a cohesive design theme throughout your home.

Ideal for Gifts

Looking for a thoughtful and unique gift? Wallpics wall-pictures-tiles make an excellent choice. Whether it’s for a birthday, anniversary, housewarming, or any other special occasion, personalized photo tiles are a heartfelt gift that shows you’ve put thought into creating something special. You can select meaningful photos that hold significance to the recipient, making it a gift that will be cherished for years to come.

How to Get Started with Wallpics

Getting started with Wallpics wall-pictures-tiles is simple and straightforward. Here’s how you can create your own personalized photo tiles:

1. Select Your Photos: Choose the photos you want to display. High-resolution images work best to ensure the quality of the print.

2. Upload Your Photos: Visit the Wallpics website and upload your selected photos. The user-friendly interface makes it easy to upload and arrange your images.

3. Customize Your Tiles: Once your photos are uploaded, you can customize your tiles by selecting the layout and order. Preview your arrangement to ensure it’s exactly how you want it.

4. Place Your Order: After finalizing your design, place your order. Wallpics will print your photos onto the tiles and ship them to you.

5. Install Your Tiles: Once you receive your tiles, you can start decorating. Simply peel off the backing and stick the tiles to your wall. Rearrange as needed until you’re satisfied with the display.

Conclusion

Wallpics wall-pictures-tiles offer a modern, stylish, and highly personalized way to decorate your home. With their ease of installation, versatility, and high-quality finish, these photo tiles are a perfect solution for anyone looking to add a personal touch to their decor. Whether you’re decorating a new home, refreshing your current space, or searching for a unique gift, Wallpics wall-pictures-tiles provide a beautiful and meaningful option that will transform your walls and showcase your cherished memories. Embrace the creative possibilities and let Wallpics help you turn your photos into stunning wall art that enhances your home’s aesthetic and tells your unique story.


[ad_2]
Source link

Time to update your contact pics as Google Messages now shows them bigger

andreasc
-
0
Time to update your contact pics as Google Messages now shows them bigger
[ad_1]

A discussion is a place, where people can voice their opinion, no matter if it is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some random thoughts, which are not directly related to the matter.

Things that are NOT allowed:

  • Off-topic talk – you must stick to the subject of discussion
  • Trolling – see a description
  • Flame wars
  • Offensive, hate speech – if you want to say something, say it politely
  • Spam/Advertisements – these posts are deleted
  • Multiple accounts – one person can have only one account
  • Impersonations and offensive nicknames – these accounts get banned

Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a post should be moderated – please, report it.

Have a question about the rules or why you have been moderated/limited/banned? Please, contact us.

[ad_2]
Source link

LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom

andreasc
-
0
LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom
[ad_1]

The notorious LockBit ransomware gang claims to have breached the Federal Reserve Board (Federalreserve.gov), the central banking system of the United States, and is holding 33 terabytes of data for ransom.

Although these claims sound far-fetched, the ransomware gang has warned the US government of a June 25, 2024, deadline, after which the allegedly stolen data could be leaked to the public.

At the time of writing, the type of data extracted by LockBit is unclear. However, as seen by Hackread.com, a statement from the cybercrime enterprise on its new dark web leak site hints at “33 terabytes of juicy banking information” containing “American banking secrets.” Another statement by the ransomware group suggested that there are ongoing negotiations between them and the US government.

“33 terabytes of juicy banking information containing Americans’ banking secrets. You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”

LockBit Ransowmare

The statement from LockBit appears to be a taunt directed at the US Federal Reserve, suggesting dissatisfaction with the current negotiator, if any, handling the ransom negotiations.

LockBit Ransomware Claims 33 TB of US Federal Reserve Data for Ransom
Screenshot from the LockBit ransomware gang’s dark web leak site (Credit: Hackread.com)

LockBit Claims and Realities

LockBit is notorious for its high-profile data breaches, including incidents involving Boeing, ICBC Bank, Bangkok Airways, and others. A recent report from the NCC Group revealed that LockBit is the most active ransomware gang, even after its infrastructure was seized and its alleged leader was exposed as Dmitry Yuryevich Khoroshev by law enforcement authorities.

Despite this, the group is known for claiming high-profile targets, which are often dismissed by the companies involved. For instance, in April 2023, the group announced it had breached Darktrace, a prominent Cambridge-based cybersecurity company. These claims were swiftly dismissed by the company.

In June 2022, the group claimed to have breached Google-owned Mandiant cybersecurity. However, the company did not find any evidence of a data breach.

Nevertheless, the current situation is that the group has claimed Federalreserve.gov as its new victim. Hackread.com is monitoring the situation and has reached out to the US Cybersecurity and Infrastructure Security Agency (CISA) for comment. Stay tuned!

  1. LockBit Ransomware Gang Returns, Taunts FBI
  2. LockBit Affiliate Sentenced to 4 Years in Canada
  3. LockBit Ransomware Gang in Decline May Be Compromised
  4. LockBit Takedown: Source Code, Arrests, Recovery Tool Revealed
  5. LockBit ransomware gang blames victim for DDoS attack on its website

[ad_2]
Source link

Here are all color options of OnePlus’ upcoming high-end phone

andreasc
-
0
Here are all color options of OnePlus’ upcoming high-end phone
[ad_1]

OnePlus will launch a handful of devices on June 27. One of those devices will be the OnePlus Ace 3 Pro. This will be a high-end phone from OnePlus, and all of its color options have just been revealed.

Colors options of OnePlus’ upcoming high-end phone have just been revealed

OnePlus revealed those colors by sharing official renders of the upcoming OnePlus Ace 3 Pro handset. You can check them out in the gallery below the article. There are four images included there.

As you can see, the phone will come in three color variants. It seems like different backplate materials will be used too. The ‘Green Field Green’ color will have a vegan leather backplate with a nice pattern on it. It will be green, needless to say.

The ‘Supercar Porcelain Collector’s Edition’ model will have a white ceramic backplate. And last, but not least, the Titanium Sky Mirror Silver model will have a glass backplate, a glossy silver one.

This device will likely be rebranded to the OnePlus 12T… for global markets

This phone looks very similar to the OnePlus 12 in terms of the design. It will almost certainly be re-released as the OnePlus 12T for global markets, as this variant is aimed for the Chinese market. That happened in the past, so… it’s likely what will happen this time around too.

The phone seemingly has three cameras on the back, as part of its round camera island. Its back side is curved, and the same goes for its front, even though we can’t see it here. It will have thin bezels and a centered display camera hole.

This phone will be fueled by the Snapdragon 8 Gen 3 SoC. It will feature a 6.78-inch 1.5K LTPO OLED display with a 120Hz refresh rate. Android 14 will be included too, as will a 6,100mAh battery. 100W charging will be on offer, and much more.

In addition to this device, OnePlus will also announce the OnePlus Watch 3 smartwatch, OnePlus Pad Pro tablet, and the OnePlus Buds Pro 3 earbuds.


[ad_2]
Source link
1...878889...1,452Page 88 of 1,452